From a205bf878084d74872fbad45fac030ad2cb74970 Mon Sep 17 00:00:00 2001 From: Jon Leighton Date: Fri, 15 Jun 2012 16:01:38 +0100 Subject: Fix config.active_record.whitelist_attributes with AR::Model --- activerecord/lib/active_record/attribute_assignment.rb | 13 +++++++++++++ activerecord/lib/active_record/railtie.rb | 3 --- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'activerecord/lib') diff --git a/activerecord/lib/active_record/attribute_assignment.rb b/activerecord/lib/active_record/attribute_assignment.rb index abc2fa546a..269fc3e381 100644 --- a/activerecord/lib/active_record/attribute_assignment.rb +++ b/activerecord/lib/active_record/attribute_assignment.rb @@ -1,11 +1,24 @@ require 'active_support/concern' module ActiveRecord + ActiveSupport.on_load(:active_record_config) do + mattr_accessor :whitelist_attributes, instance_accessor: false + end + module AttributeAssignment extend ActiveSupport::Concern include ActiveModel::MassAssignmentSecurity + included do + attr_accessible(nil) if Model.whitelist_attributes + end + module ClassMethods + def inherited(child) # :nodoc: + child.attr_accessible(nil) if Model.whitelist_attributes + super + end + private # The primary key and inheritance column can never be set by mass-assignment for security reasons. diff --git a/activerecord/lib/active_record/railtie.rb b/activerecord/lib/active_record/railtie.rb index 6937960e93..bcafcbb76c 100644 --- a/activerecord/lib/active_record/railtie.rb +++ b/activerecord/lib/active_record/railtie.rb @@ -68,9 +68,6 @@ module ActiveRecord initializer "active_record.set_configs" do |app| ActiveSupport.on_load(:active_record) do - if app.config.active_record.delete(:whitelist_attributes) - attr_accessible(nil) - end app.config.active_record.each do |k,v| send "#{k}=", v end -- cgit v1.2.3